Is it safe to change passwords and profile of the user by default DB?
Version of the grid: 11.2.0.4.0
RDBMS version: 11.2.0.4.0
Platform: Oracle Linux 6.4
To comply with upcoming security audit, we need all DB users except users of the application to conform to the password of our firm strategy.
Currently, all of our DB users belong to the DEFAULT profile which is not to impose restrictions such as the complexity of password, password expiration.
To implement password policy, I created 3 profiles and a password check the operation.
Here are the 3 profiles, that I introduce
MANH_ADM - for SYS, SYSTEM, SYSMAN users. Associated with a password check function that responds to the lack of policies of our firm.
MANH_NONADM - for users who were created by default when you create a new database. Associated with a password check the operation comply with the policies of our firm
MANH_APP - users for the Application. Very mild. No restrictions as requested by the team of apps. No associated password policy.
Here is an excerpt of the script we used to implement all our DBs It Security.
change the profile of these users to a custom profile named MANH_NONADM and changes the password for all users by default DB.
ALTER USER OUTLN PROFILE MANH_NONADM;
ALTER USER PROFILE MANH_NONADM DIP.
ALTER USER ORACLE_OCM PROFILE MANH_NONADM;
ALTER USER APPQOSSYS PROFILE MANH_NONADM;
ALTER USER WMSYS PROFILE MANH_NONADM;
ALTER USER EXFSYS PROFILE MANH_NONADM;
-For the oracle text, do not apply
ALTER USER CTXSYS PROFILE MANH_APP;
-MGMT_VIEW used OEM Database control. Do not apply
ALTER USER MGMT_VIEW PROFILE MANH_APP;
-Used by the Manager of the company, do not apply
ALTER USER PROFILE MANH_APP DBSNMP.
-XDB stores metadata and data in Oracle XML DB. Do not apply
ALTER USER XDB PROFILE MANH_APP;
-ALTER USER XS$ PROFILE NULL MANH_NONADM;
ALTER USER PROFILE ANONYMOUS MANH_NONADM;
ALTER USER ORDPLUGINS PROFILE MANH_NONADM;
ALTER USER ORDSYS PROFILE MANH_NONADM;
ALTER USER ORDDATA PROFILE MANH_NONADM;
ALTER USER SI_INFORMTN_SCHEMA PROFILE MANH_NONADM;
ALTER USER MDSYS PROFILE MANH_NONADM;
ALTER USER OLAPSYS PROFILE MANH_NONADM;
ALTER USER MDDATA PROFILE MANH_NONADM;
ALTER USER SPATIAL_WFS_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER SPATIAL_CSW_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER APEX_PUBLIC_USER PROFILE MANH_NONADM;
ALTER USER FLOWS_FILES PROFILE MANH_NONADM;
ALTER USER APEX_030200 PROFILE MANH_NONADM;
ALTER USER OWBSYS PROFILE MANH_NONADM;
ALTER USER OWBSYS_AUDIT PROFILE MANH_NONADM;
-Change password
ALTER USER OUTLN IDENTIFIED BY uNani8987 #;
ALTER USER IDENTIFIED BY Hg DIP $ i9CLai;
ALTER USER ORACLE_OCM IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR DBSNMP $ YeoT3i; -> This messed up Enterprise manager
ALTER USER IDENTIFIED BY pR APPQOSSYS $ YeoT3m;
ALTER USER WMSYS IDENTIFIED BY Hg$ i9CLna;
ALTER USER EXFSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER CTXSYS IDENTIFIED BY Hg$ i9CLns;
EDIT ANONYMOUS USER IDENTIFIED BY Hg$ i9CLnc;
ALTER USER IDENTIFIED BY Hg XDB $ i9CLnd;
-ALTER USER XS$ NULL IDENTIFIED BY Hg$ i9CLne;
ALTER USER ORDPLUGINS IDENTIFIED BY Hg$ i9CLnaf;
ALTER USER ORDSYS IDENTIFIED BY Hg$ i9CLnag;
ALTER USER ORDDATA IDENTIFIED BY Hg$ i9CLnah;
ALTER USER IDENTIFIED BY pR SI_INFORMTN_SCHEMA $ YeoT3m;
ALTER USER MDSYS IDENTIFIED BY julsi8987 #;
ALTER USER IDENTIFIED BY pR OLAPSYS $ YeoT3w;
ALTER USER MDDATA IDENTIFIED BY uNani8987 #;
ALTER USER SPATIAL_WFS_ADMIN_USR IDENTIFIED BY Hg$ i9CLai;
ALTER USER SPATIAL_CSW_ADMIN_USR IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR MGMT_VIEW $ YeoT3i;
ALTER USER IDENTIFIED BY UI APEX_PUBLIC_USER $ YeoT3m;
ALTER USER FLOWS_FILES IDENTIFIED BY Hg$ i9CLna;
ALTER USER APEX_030200 IDENTIFIED BY Hg$ i9CLnb;
ALTER USER OWBSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER IDENTIFIED BY pR OWBSYS_AUDIT $ YeoT3s;
The script above was performed on one of our criticisms of production DBs. After this, Enterprise manager has stopped working because the default password of DBSNMP has changed. To solve this problem, password of DBSNMP must be changed in a special way as described in 259387.1
Now I fear that other DB features may not work if I change the password of users by default.
So, we want to know if it is safe to
1. change the password of the default DB users mentioned above?
2. change the user profile DB default DEFAULT value for a custom profile as shown above?
Max wrote:
Version of the grid: 11.2.0.4.0
RDBMS version: 11.2.0.4.0
Platform: Oracle Linux 6.4
To comply with upcoming security audit, we need all DB users except users of the application to conform to the password of our firm strategy.
Currently, all of our DB users belong to the DEFAULT profile which is not to impose restrictions such as the complexity of password, password expiration.
To implement password policy, I created 3 profiles and a password check the operation.
Here are the 3 profiles, that I introduce
MANH_ADM - for SYS, SYSTEM, SYSMAN users. Associated with a password check function that responds to the lack of policies of our firm.
MANH_NONADM - for users who were created by default when you create a new database. Associated with a password check the operation comply with the policies of our firm
MANH_APP - users for the Application. Very mild. No restrictions as requested by the team of apps. No associated password policy.
Here is an excerpt of the script we used to implement all our DBs It Security.
change the profile of these users to a custom profile named MANH_NONADM and changes the password for all users by default DB.
ALTER USER OUTLN PROFILE MANH_NONADM;
ALTER USER PROFILE MANH_NONADM DIP.
ALTER USER ORACLE_OCM PROFILE MANH_NONADM;
ALTER USER APPQOSSYS PROFILE MANH_NONADM;
ALTER USER WMSYS PROFILE MANH_NONADM;
ALTER USER EXFSYS PROFILE MANH_NONADM;
-For the oracle text, do not apply
ALTER USER CTXSYS PROFILE MANH_APP;
-MGMT_VIEW used OEM Database control. Do not apply
ALTER USER MGMT_VIEW PROFILE MANH_APP;
-Used by the Manager of the company, do not apply
ALTER USER PROFILE MANH_APP DBSNMP.
-XDB stores metadata and data in Oracle XML DB. Do not apply
ALTER USER XDB PROFILE MANH_APP;
-ALTER USER XS$ PROFILE NULL MANH_NONADM;
ALTER USER PROFILE ANONYMOUS MANH_NONADM;
ALTER USER ORDPLUGINS PROFILE MANH_NONADM;
ALTER USER ORDSYS PROFILE MANH_NONADM;
ALTER USER ORDDATA PROFILE MANH_NONADM;
ALTER USER SI_INFORMTN_SCHEMA PROFILE MANH_NONADM;
ALTER USER MDSYS PROFILE MANH_NONADM;
ALTER USER OLAPSYS PROFILE MANH_NONADM;
ALTER USER MDDATA PROFILE MANH_NONADM;
ALTER USER SPATIAL_WFS_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER SPATIAL_CSW_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER APEX_PUBLIC_USER PROFILE MANH_NONADM;
ALTER USER FLOWS_FILES PROFILE MANH_NONADM;
ALTER USER APEX_030200 PROFILE MANH_NONADM;
ALTER USER OWBSYS PROFILE MANH_NONADM;
ALTER USER OWBSYS_AUDIT PROFILE MANH_NONADM;
-Change password
ALTER USER OUTLN IDENTIFIED BY uNani8987 #;
ALTER USER IDENTIFIED BY Hg DIP $ i9CLai;
ALTER USER ORACLE_OCM IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR DBSNMP $ YeoT3i; ---> This messed up Enterprise manager
ALTER USER IDENTIFIED BY pR APPQOSSYS $ YeoT3m;
ALTER USER WMSYS IDENTIFIED BY Hg$ i9CLna;
ALTER USER EXFSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER CTXSYS IDENTIFIED BY Hg$ i9CLns;
EDIT ANONYMOUS USER IDENTIFIED BY Hg$ i9CLnc;
ALTER USER IDENTIFIED BY Hg XDB $ i9CLnd;
-ALTER USER XS$ NULL IDENTIFIED BY Hg$ i9CLne;
ALTER USER ORDPLUGINS IDENTIFIED BY Hg$ i9CLnaf;
ALTER USER ORDSYS IDENTIFIED BY Hg$ i9CLnag;
ALTER USER ORDDATA IDENTIFIED BY Hg$ i9CLnah;
ALTER USER IDENTIFIED BY pR SI_INFORMTN_SCHEMA $ YeoT3m;
ALTER USER MDSYS IDENTIFIED BY julsi8987 #;
ALTER USER IDENTIFIED BY pR OLAPSYS $ YeoT3w;
ALTER USER MDDATA IDENTIFIED BY uNani8987 #;
ALTER USER SPATIAL_WFS_ADMIN_USR IDENTIFIED BY Hg$ i9CLai;
ALTER USER SPATIAL_CSW_ADMIN_USR IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR MGMT_VIEW $ YeoT3i;
ALTER USER IDENTIFIED BY UI APEX_PUBLIC_USER $ YeoT3m;
ALTER USER FLOWS_FILES IDENTIFIED BY Hg$ i9CLna;
ALTER USER APEX_030200 IDENTIFIED BY Hg$ i9CLnb;
ALTER USER OWBSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER IDENTIFIED BY pR OWBSYS_AUDIT $ YeoT3s;
The script above was performed on one of our criticisms of production DBs. After this, Enterprise manager has stopped working because the default password of DBSNMP has changed. To solve this problem, password of DBSNMP must be changed in a special way as described in 259387.1
Now I fear that other DB features may not work if I change the password of users by default.
So, we want to know if it is safe to
1. change the password of the default DB users mentioned above?
2. change the user profile DB default DEFAULT value for a custom profile as shown above?
(1) as far as the database is concerned, EM is just another app, which just happens to connect with the credentials for DBSNMP.
(2) any process that connects to the database must know what username and password to use for this connection.
(3) any process that connects to the database (EM, or YOUR_CORPORATE_APP or sitting in front of a keyboard) necessarily must keep their passwords somewhere - in your head, the sticky notes stuck on screen (practical baaad), in a text file and in the case of the MA, in an xml file.
(4) so whenever you change a password, the process that uses this password needs to know what the password is, and store it in all repository it uses for this purpose. That's what note ml, tell you how and where to put the new password in the repository that MS uses to remember his password.
(5) therefore the same principle will apply to all other user accounts. If you (or a process on your behalf) changes a password, you (or some process on your behalf) should inform the user in a manner in which the user can understand and take the necessary measures.
If you change a password, you must inform the user. Period. Full stop.
And that's really what are the notes of ML SYSMAN and DBNSMP. There is really nothing 'special' to their topic. The processes that use these accounts (EM, or YOUR_CORPORATE_APP or sitting in front of a keyboard) keep their passwords somewhere - in your head, on sticky notes pasted (practical baaad) onscreen, in a text file and in the case of the MA, in an xml file. So whenever you change a password, the process that uses this password needs to know what is the new password.
Tags: Database
Similar Questions
-
Drop-down list: distinguish between programming and modification of the user
I have a drop-down list with a few options, the selected displays current status.
The State can change programmatically I have to update the drop-down list.
I want to distinguish between this change programme and focused on the user.
No idea how I could do this?
The classic solution to this problem is to add a flag (Boolean property) that you control, and which inhibits the onThingChanged response when set. You set this just before you perform a change of programming and clear right after. When the change is made by the user, the flag will be clear and the onThingChanged would do its thing.
There may be other ways to do this in specific cases, but this approach has worked in all situations in which I have tried so far.
-
Move the profile of the user LICENSE AND remote desktop services
original title: profile of the user AND of LICENSES for remote desktop services
Hello everyone, my name is Kostas and I have the following question. I want my employees to the remote desktop services user profile.
I have install a Windws Server 2008 R2 with Remote Desktop Session Host Server.Do I need remote desktop licenses or not?I'm in the test environment with three users logged on to the remote desktop user profile and I see that I have no license to date. But I'm not sure if you need it or not.Hello
The question you posted would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.
http://TechNet.Microsoft.com/en-us/WindowsServer/bb310558.aspx
Hope this information is useful.
-
I use windows Vista that is installed on drive C: (OS) year 80 gig hard drive plus I also drive D: (DATA) one new secondary 320 gig hard drive installed. I want to use the system more effectively by saving and store my files on this hard drive automatically is it possible to move my profile of the user of the c:, d: and reserving my main drive for the OS only
There are instructions of third party to do so, but this is not supported by MS and can cause problems
Maybe redirect Documents libraries on the D drive
-
Enter password administration or power password and I fill the collar
Hello, my laptop is not turning as it allows.
When I turn it on it seems to enter administration or power password password and I fill the collar...
So it appears "Press esc" on the bottom left...
And then it seems 5choice: f1, f2, f8, f9, f10...
But if I fill the wrong password, it seems, copy the following code: 56851221Please help me, because I need my phone back as if it were.
:'(Hello
Please try:
49739807
Kind regards.
-
Hello. I disconnected from the home group, but when I try to join the homegroup I can't because I put a password and I forgot the password. What should I do? TQ
Hello. I disconnected from the home group, but when I try to join the homegroup I can't because I put a password and I forgot the password. What should I do? TQ
-
When I try to get HP support assistance it won't let me and says that I need to change username, but I'm the user, very confused!
Hey Dorf,
To provide the proper resolution, I would need more information on your side.
1. How did you try to contact the HP Support?
2. What is the exact error message?
You can check the link for more information about how to contact HP technical support.
http://WWW8.HP.com/us/en/contact-HP/contact.html
Hope this information helps. If you need more assistance or information on this question, reply to this post. I'll be happy to help you.
-
Could not load the faile to logon user profile service, the user profile.
Could not load the faile to logon user profile service, the user profile
That's what I have to answer when I try to log on to my PC Window Vista with my password.
Need help please.
Hello
1st thing to try is the system in safe mode restore to before the problem
http://www.windowsvistauserguide.com/system_restore.htm
Windows Vista
Using the F8 method:
- Restart your computer.
- When the computer starts, you will see your computer hardware are listed. When you see this information begins to tap theF8 key repeatedly until you are presented with theBoot Options Advanced Windows Vista.
- Select the Safe Mode option with the arrow keys.
- Then press enter on your keyboard to start mode without failure of Vista.
- To start Windows, you'll be a typical logon screen. Connect to your computer and Vista goes into safe mode.
- Do whatever tasks you need and when you are done, reboot to return to normal mode.
If that does not solve it read more
read the tutorial below
When you log on a Windows Vista-based or a Windows 7 computer by using a temporary profile, you receive the following error message:
The user profile Service has not logon. User profile cannot be loaded.http://support.Microsoft.com/kb/947215#letmefixit
Your user profile was not loaded correctly! You have been logged on with a temporary profile.
http://support.Microsoft.com/kb/947242
If you tried to log on to Windows and received an error message telling you that your user profile is damaged, you can try to fix it. You will need to create a new profile and then copy the files from the existing to the new profile. You must have at least three user accounts on the computer to perform these operations, including the new account that you created.
http://Windows.Microsoft.com/en-us/Windows-Vista/fix-a-corrupted-user-profile
-
eror message when I connect a profile of the user of Windows Vista Business Service has no logon.
eror message when I connect a profile of the user of Windows Vista Business Service has no logon. Failed to load the user profile after wimdows update I have this problem I try safe mode but the gel keyboard, I try F12 boot does not work please, someone came to help me I need my computer for work
Hello
as you can not get into safe mode and work within the keyboard freezes in safe mode to do a startup repair disk
then do a restore of the system of breast
the link below is how to download and get a vista disk startup repair, which you can start from the
http://NeoSmart.net/blog/2008/Windows-Vista-recovery-disc-download/
Here's how to use startup repair system restore command prompt, etc. to bleepingcomputers link below
http://www.bleepingcomputer.com/tutorials/tutorial148.html
to boot from the dvd drive to be able to you will see a way to get into the bios Setup at the bottom of the screen or command menu start
It would be F2 or delete etc to enter the BIOS or F12 etc. for the start menu
Change boot order it do dvd drive 1st in the boot order
and to read this information to try to fix the user profile cannot be loaded problem
When you log on a Windows Vista-based or a Windows 7 computer by using a temporary profile, you receive the following error message:
The user profile Service has not logon. User profile cannot be loaded.http://support.Microsoft.com/kb/947215#letmefixit
Your user profile was not loaded correctly! You have been logged on with a temporary profile.
http://support.Microsoft.com/kb/947242
If you tried to log on to Windows and received an error message telling you that your user profile is damaged, you can try to fix it. You will need to create a new profile and then copy the files from the existing to the new profile.
http://Windows.Microsoft.com/en-us/Windows-Vista/fix-a-corrupted-user-profile
-
Windows could not load the profile of the user
When I start my PC, is to show the windows user environment could not load the profile of the user, but you connected on default profile for details of the corrupted system registry.
Please reply me with the solution that I use win xp sp2Hi citycc,
1. did you of recent changes on the computer?
2 when was the last time it was working fine?
3. are you able to connect to Windows?
4. how many accounts do you have on the computer?
See the Microsoft article below and check if it helps.
Error message "Windows cannot load your profile because it may be corrupted" when you try to log on Windows XP
-
Hello
Trying to create a standard account on a new Windows 7 computer but can not connect. The message with my Swedish translation is: user profile Service failed to connect. It is not possible to read the profile of the user.
Can someone advice me?Hi Lagun,
Step 1:
I suggest you to follow this link below and check if this solves the problem.
Now search for the question.
Follow the link provided below to fix the damaged user profile.
http://Windows.Microsoft.com/en-us/Windows7/fix-a-corrupted-user-profile
See also:
Error message when you log a computer Windows Vista-based or Windows 7 by using a temporary profile: "the user profile Service has no logon. Unable to load the user profile.
http://support.Microsoft.com/kb/947215
Important: the above section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
http://support.Microsoft.com/kb/322756/
Step 2:
If you need assistance in Swedish, below the URL provided will help you receive support appropriate for your location information. Open the link and select your region from the drop-down list, and then click the arrow to continue.
http://support.microsoft.com/common/international.aspx.
Thank you, and in what concerns:
I. Suuresh Kumar - Microsoft technical support.Visit our Microsoft answers feedback Forum and let us know what you think.
-
While making a sweep of the AV, I see the files under analysis I want to remove it from my computer. All I can remember for the location of the files is C:\Documents and Settings of the user... I guess that the question is what will be called as temporary Internet files (under Windows 95). What should I do to access the folder where the files are stored?
Tools / folder options. Discover tab show hidden and protected system files
Use ccleaner do... Install, then run it.
-
After about 3 weeks working with Dell Inspiron 14 R and print with HP laserjet 1020, without problem, now I have a problem: when I try to "find the printer (in MS Word, MS PowerPoint, MS Excel for example) I get the message: Active Directory Domain Services is currently unavailable.
I am running Windows 7 Home premium; and I'm the user.
I try to remove and reinstall hp laser jet 1020 once again, but the problem still exist.
After I opened the menu devices and printers, and then click the Hp Laser Jet 1020, the category of this printer icon: 'unknown '.
How can I make the available ADDS?
Try this weird cure:
Just open Notepad, go get a printer and add the printer from here.
I can now print all programs.
He worked for others; like I said, weird!
-
My computer is connected to the Windows 2008 R2 server and some of the users on this computer receive their network drive mapped on group policy and some do not. I find nothing in Event Viewer that shows that there is a problem. Please let me know what to do to get the disks appears
Original title: Network Networking file sharing file sharing file sharing file sharing discovery sharing Fileshare share shared
Hi,
The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.
TechNet Forum
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
Hope this information helps.
-
After a quiz can show you the questions and answers of the user to review of test
After taking a quiz, is there a way to show the questions and answers of the user to review of passing the test.
And those who failed the quiz would go to the first slide again to retake the test.
Thank you
Add an interactive object received, such as a button or slide 1 clickbox. Then the review will begin from there because Captivate counts of any object marked as belonging to the scope of Quiz.
Maybe you are looking for
-
How can I fix the damaged file sql server database ME?
Standby my mdf file got damage due to unknown reasons then I used the command dbcc chekcdb but it failed, file MDF is important to me, I don't ' know how to recover data from the mdf file. Please anyone suggest me?
-
I tried several times to install Windows Vista Service Pack 2 and every time I get the same error code 8024016. There is space enough and did not cancel them before updates have been made. Can anyone please help me out and let me know what I can do
-
"Windows needs to install driver software for your Internet access server.
Hello everyone, since April 3, 2010 I get this message just after I turn on the computer and Vista SP2 is ready to ROCK, I change my router in 31 March, for a Lynksis E1000 and it works perfectly since then. Now, in the cry of the message I have diff
-
Cannot restore to Windows 7 from Windows 10
* Original title: update windows 7 As windows 10 insists to upgrade windows 7. As I don't want. Finally, it was destroyed. I have reinstall my purchase DVD of windows 7 again. noway I can't update. even I tried all Microsoft solutions. Is is a way to
-
Allora io non riesco installare he gioco Borderlands sul mio pc (windows 7). Prima mi dava error 1721, sono riuscito a sistemarlo my adesso mi da error 1722. Che cosa posso fare?